
Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim

The cybersecurity firm Hacking Team appears to have itself been the victim of a hack, with documents that purport to show it sold software to repressive regimes being posted to the company’s own Twitter feed.
The Italy-based company offers security services to law enforcement and national security organisations. It offers legal offensive security services, using malware and vulnerabilities to gain access to targets’ networks.
According to the documents, 400GB of which have been published, Hacking Team has also been working with numerous repressive governments – something it has previously explicitly denied doing. It has not been possible to independently verify the veracity of the documents.
The perpetrators of the apparent hack used the company’s own official Twitter feed (renamed “Hacked Team”) to communicate. They continued to post to the feed for hours after, highlighting specific documents they claim come from the hack, such as emails, invoices and even screenshots of Hacking Team employees’ computers, until the company regained control on Monday morning and removed the posts.
One such tweet, which has since been removed, purports to show Hacking Team negotiating with a third-party reseller to export its malware to Nigeria. If the sale took place, it may have bypassed Italian export controls. Another is claimed to show the company debating what to do after an independent investigation from the University of Toronto attacked it for selling hacking tools to Ethiopia, which then used them to target journalists in the US and elsewhere. The company has never publicly confirmed nor denied working with Ethiopia, and in March this year a spokesman dismissed earlier reports as “based on some nicely presented suppositions”.
One of the now-deleted tweets from @hackingteam. Photograph: Twitter
The company has repeatedly denied selling its technology to repressive regimes. In 2013, a Reporters Without Borders report that named Hacking Team as one of the “corporate enemies of the internet” for its position as a “digital mercenary” prompted a response from the firm. In a statement, it said: “Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the USA, Nato and similar international organisations or any ‘repressive’ regime.”
But, if genuine, the leaked documents suggest that among Hacking Team’s clients are the governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia and the UAE, many of whom have been criticised by international human rights organisations for their aggressive surveillance of citizens, activists and journalists both domestically and overseas.
Most notably, the documents include an invoice for €480,000, which purports to be from the Sudanese national intelligence service, dated June 2012. Three years later, in January 2015, the company told the UN’s Italian representative that it had no current business relations with the country, prompting the follow-up question “as to whether there have any previous business arrangements” with Sudan, the answer to which is not recorded.
A separate document contained in the apparent file dump appears to show Sudan, along with Russia, listed as “not officially supported”, as opposed to the “active” or “expired” status held by most other nation states.
The company describes itself as in the business of “providing tools to police organisations and other government agencies that can prevent crimes or terrorism”, but if the documents are genuine they suggest it may be willing to sell to non-state actors as well. One invoice apparently reveals the company dealing with a private Brazilian firm, YasNiTech, to whom it sold three months’ access to its remote access tool, allowing the firm to hack into Android and Blackberry phones, and Windows devices. We do not know if this sale was part of a wider contract with the Brazilian government.
Hacking Team is one of a number of security firms that sell surveillance technology and malware to national governments, enabling them to access the computers of their targets. Gamma International, another firm in the same space that was best known for its FinFisher surveillance software, suffered a similar hack in 2014. In the 40GB of leaked FinFisher data, the company’s clients, capabilities and pricing were revealed; according to the leaked documents, Hacking Team was celebrating the demise of “a wannabe competitor of ours”. The hacker behind the Gamma International hack has now claimed responsibility for the Hacking Team leak as well, according to Motherboard’s Lorenzo Franceschi-Bicchierai.
Hacking Team refused to give comment over the phone, directing the Guardian to an email address. Multiple emails to that address and others given on the firm’s website were returned as undeliverable, and on a follow-up call, Hacking Team again declined to comment and directed the paper to the broken email address. When the Guardian explained that the email address was not working, Hacking Team declined to give an alternative address or any other form of contact.
Christian Pozzi, one of the firm’s employees, tweeted to say that the documents contained “false lies” about the services the company offers.
“A lot of what the attackers are claiming regarding our company is not true. Please stop spreading false lies about the services we offer,” Pozzi tweeted. “We are currently working closely with the police at the moment. I can’t comment about the recent breach.”
Pozzi’s feed was later itself hacked, and later still the entire account was deleted.
Privacy groups have welcomed a rare chance to potentially look inside the workings of a cyber-surveillance company such as Hacking Team. Privacy International said in a statement: “Yesterday’s leak of materials reportedly shows how Hacking Team assisted some of the world’s most repressive regimes – from Bahrain to Uzbekistan, Ethiopia to Sudan – to spy on their citizens.
“We know from investigations by Citizen Lab that these tools are used to target human rights activists and pro-democracy supporters at home and abroad. Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time. Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices.”
